function register_user()
{
$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];
$captcha = trim($_POST["captcha"]);
//if not valid captcha()
include_once "/var/www/includes/captch_code.php";
if (check_code($captcha)) {
//sanitize input fields;
$cr = new crypto();
$password_hash = $cr->one_way_crypt($password);
//add new user to database
$u = new user();
try {
if ($u->create_user($username, $password_hash, $email)) {
$uid = $u->get_user_id($email);
$token = base64_encode($cr->encrypt($uid));
//send activation email
$link = "http://punbt090pc/activate.php?u=" . urlencode($token);
include_once "/var/www/includes/email.php";
send_activation_email($email, $link);
set_registration_error("An activation email has been sent to your inbox (Please check your junkbox in case you have not received it).");
} else {
//send back to registration page
header("Location: /register.php");
}
} catch (Exception $e) {
set_registration_error("UserName Or Email is already registered");
}
} else {
set_registration_error("Invalid Captcha");
}
}
public function handle()
{
session_start();
$username = I('post.username');
$userpad = I('post.userpassword');
$userpassword = md5($userpad);
$code = I('post.code');
if ($username == '' || $userpad == '') {
echo "<script language=\"javascript\">";
echo "alert(\"对不起,用户名或密码不能为空!\");location.href='" . $_SERVER["HTTP_REFERER"] . "'";
echo "</script>";
} else {
$where['name'] = $username;
$password = M('user')->where($where)->getField('password');
if (!check_code($code)) {
echo "<script language=\"javascript\">";
echo "alert(\"验证码错误!!\");location.href='" . $_SERVER["HTTP_REFERER"] . "'";
echo "</script>";
} else {
if ($password == $userpassword) {
echo "<script language=\"javascript\">";
echo "alert(\"登陆成功!!\");";
echo "</script>";
$_SESSION['username'] = $username;
$this->success("", U('Home/Waterfall/waterfall', '', ''));
} else {
echo "<script language=\"javascript\">";
echo "alert(\"对不起,用户名或密码错误!!\");location.href='" . $_SERVER["HTTP_REFERER"] . "'";
echo "</script>";
}
}
}
}
function add_option($params)
{
global $DETDB;
if (is_array($params)) {
$custom = (array) new option($params, true);
$custom['code'] = canone_code($custom['code']);
if (validate_code($custom['code'])) {
if (!check_code('options', $custom['code'], 'code')) {
return $DETDB->insert('options', $custom);
} else {
push_output_message(array('text' => 'Данный код уже занят.', 'title' => 'Ошибка!', 'class' => 'alert alert-warning', 'type' => 'error'));
}
} else {
push_output_message(array('text' => 'Отправлен неправильный (невалидный) код.', 'title' => 'Ошибка!', 'class' => 'alert alert-warning', 'type' => 'error'));
}
}
return false;
}
/**
* @Author: gaohuabin
* @Date: 2015-12-07 14:43:31
* @Last Modified by: gaohuabin
* @Last Modified time: 2015-12-21 22:00:08
*/
//定义一个常量,用来授权调用includes里面的文件
define('IN_TG', true);
session_start();
//引入公共文件,转换成硬路径,速度更快
require dirname(__FILE__) . '/includes/common.inc.php';
//修改资料
if (@$_GET['action'] == 'modify') {
//为防止恶意注册,跨站攻击
if ($system['code'] == 1) {
check_code($_POST['code'], $_SESSION['code']);
}
if (!!($rows = fetch_array("SELECT bbs_uniqid FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) {
//为了防止cookie伪造,要比对一下唯一标识符uniqid
uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']);
//引入验证文件
include ROOT_PATH . 'includes/check.func.php';
//创建空数组,用来存放提交的合法数据
$clean = array();
$clean['password'] = check_modify_password($_POST['password'], 6);
$clean['sex'] = check_sex($_POST['sex']);
$clean['photo'] = check_photo($_POST['photo']);
$clean['email'] = check_email($_POST['email'], 6, 40);
$clean['qq'] = check_qq($_POST['qq']);
$clean['url'] = check_url($_POST['url'], 40);
$clean['switch'] = $_POST['switch'];
}
require_once get_langfile_path("", false, $CURLANGDIR);
function bark($msg)
{
global $lang_confirm_resend;
stdhead();
stdmsg($lang_confirm_resend['resend_confirmation_email_failed'], $msg);
stdfoot();
exit;
}
if ($verification == "admin") {
bark($lang_confirm_resend['std_need_admin_verification']);
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($iv == "yes") {
check_code($_POST['imagehash'], $_POST['imagestring'], "confirm_resend.php", true);
}
$email = unesc(htmlspecialchars(trim($_POST["email"])));
$wantpassword = unesc(htmlspecialchars(trim($_POST["wantpassword"])));
$passagain = unesc(htmlspecialchars(trim($_POST["passagain"])));
$email = safe_email($email);
if (empty($wantpassword) || empty($passagain) || empty($email)) {
bark($lang_confirm_resend['std_fields_blank']);
}
if (!check_email($email)) {
failedlogins($lang_confirm_resend['std_invalid_email_address'], true);
}
$res = sql_query("SELECT * FROM users WHERE email=" . sqlesc($email) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or failedlogins($lang_confirm_resend['std_email_not_found'], true);
if ($arr["status"] != "pending") {
failedlogins($lang_confirm_resend['std_user_already_confirm'], true);
require_once "include/bittorrent.php";
header("Content-Type: text/html; charset=utf-8");
if (!mkglobal("username:password")) {
die;
}
dbconn();
require_once get_langfile_path("", false, get_langfolder_cookie());
cur_user_check();
function bark($text = "")
{
global $lang_takelogin;
$text = $text == "" ? $lang_takelogin['std_login_fail_note'] : $text;
stderr($lang_takelogin['std_login_fail'], $text, false);
}
if ($iv == "yes") {
check_code($_POST['imagehash'], $_POST['imagestring'], 'login.php', true);
}
if (get_magic_quotes_gpc()) {
$username = stripslashes($username);
}
$res = sql_query("SELECT id, passhash, secret, enabled, status FROM users WHERE username = "******"'" . mysql_real_escape_string($username) . "'");
$row = mysql_fetch_array($res);
if (!$row) {
failedlogins();
}
if ($row['status'] == 'pending') {
failedlogins($lang_takelogin['std_user_account_unconfirmed']);
}
if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"])) {
login_failedlogins();
}
require_once get_langfile_path("", true);
require_once get_langfile_path("", false, get_langfolder_cookie());
function bark($msg)
{
global $lang_takesignup;
stdhead();
stdmsg($lang_takesignup['std_signup_failed'], $msg);
stdfoot();
exit;
}
$type = $_POST['type'];
if ($type == 'invite') {
registration_check();
failedloginscheck("Invite Signup");
if ($iv == "yes") {
check_code($_POST['imagehash'], $_POST['imagestring'], 'signup.php?type=invite&invitenumber=' . htmlspecialchars($_POST['hash']));
}
} else {
registration_check("normal");
failedloginscheck("Signup");
//if ($iv == "yes")
//check_code ($_POST['imagehash'], $_POST['imagestring']);
}
function isportopen($port)
{
$sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1);
if ($sd) {
fclose($sd);
return true;
} else {
return false;
public function checkCode()
{
session_start();
//re start
$code = rand_string(4);
$_SESSION['check_code'] = strtolower($code);
check_code($code);
}
stdmsg($lang_takesignup['std_signup_failed'], $msg);
stdfoot();
exit;
}
$type = $_POST['type'];
if ($type == 'invite') {
registration_check();
failedloginscheck("Invite Signup");
if ($iv == "yes") {
check_code($_POST['imagehash'], $_POST['imagestring'], 'signup.php?type=invite&invitenumber=' . htmlspecialchars($_POST['hash']));
}
} else {
registration_check("normal");
failedloginscheck("Signup");
if ($iv == "yes") {
check_code($_POST['imagehash'], $_POST['imagestring']);
}
}
function isportopen($port)
{
$sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1);
if ($sd) {
fclose($sd);
return true;
} else {
return false;
}
}
function isproxy()
{
$ports = array(80, 88, 1075, 1080, 1180, 1182, 2282, 3128, 3332, 5490, 6588, 7033, 7441, 8000, 8080, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788);
set_langfolder_cookie($lang_folder);
header("Location: " . $_SERVER['PHP_SELF']);
}
}
require_once get_langfile_path("", false, $CURLANGDIR);
function bark($msg)
{
global $lang_recover;
stdhead();
stdmsg($lang_recover['std_recover_failed'], $msg);
stdfoot();
exit;
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($iv == "yes") {
check_code($_POST['imagehash'], $_POST['imagestring'], "cardrecover.php", true);
}
$stuid = unesc(htmlspecialchars(trim($_POST["stuid"])));
$cardpass = unesc(htmlspecialchars(trim($_POST["password"])));
if (!$stuid) {
failedlogins($lang_recover['std_missing_stuid'], true);
}
if (!$cardpass) {
failedlogins($lang_recover['std_missing_password'], true);
}
if (!getOneCard($stuid, $cardpass)) {
failedlogins($lang_recover['std_stuid_failed'], true);
}
$res = sql_query("SELECT * FROM users WHERE cardnum=" . sqlesc($stuid) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
if (!$arr) {
if ($_GPC['do'] == 'save') {
$result = base64_decode($_GPC['result']);
header("Content-type:application/vnd.ms-excel");
header("Content-Disposition:filename=result.xls");
exit($result);
}
if ($_GPC['do'] == 'search' || $_GPC['do'] == 'search_save') {
$hashCode = strtolower($_GPC['code']);
$hash = md5($hashCode . $_W['config']['setting']['authkey']);
if ($_GPC['__code'] != $hash) {
message('你输入的验证码不正确');
}
if ($_GPC['__code'] != $hash) {
message('你输入的验证码不正确');
}
check_code($code);
if (!is_file($file['tmp_name']) && empty($data)) {
message('提交内容为空');
}
$originArray = array();
if (is_file($file['tmp_name'])) {
$content = file_get_contents($file['tmp_name']);
$content = filter_file($content, $originArray);
} elseif ($data) {
$content = filter_file($data, $originArray);
}
$status = pdo_fetchall("SELECT * FROM " . tablename('account_status'), array(), 'id');
$account = pdo_fetchall("SELECT * FROM " . tablename('account') . " WHERE account_type={$type} AND account in({$content}) ", array(), 'account');
$result = template('index/multi_table', TEMPLATE_FETCH);
}
if ($_GPC['do'] == 'search_save') {
if (preg_match_all($regexpstr, $hash, $matches)) {
return true;
} else {
return false;
}
} else {
return false;
}
}
if (count($_GET) == 1) {
require_once 'include/configpage.php';
require_once 'include/emaillib.php';
setCss();
headerSet();
$code = $_GET['code'] or die('<p class="message">Error');
check_code($code) or die('<p class="message">Ooops');
if (verify_data($code) == "pending") {
$username = read_data($code);
//print $username;
if ($username != "Error") {
if (gen_pass_mail($code, $username)) {
print '<p class="message">Your password has been changed and sent, please check your email';
}
} else {
die('<p class="message">Error, can\'t get your email, please contact the Administrator');
}
} else {
die('<p class="message">Error, invalid code, please contact the Administrator');
}
} else {
die('<p class="message">Error, invalid parameters, please contact the Administrator');
//////////////////////////////////////////////////////////
//Обработка если нажали кнопку
if (isset($_POST['name'])) {
session_start();
$cap = $_SESSION['captcha'];
$_SESSION['captcha'] = '';
$info = '';
$online_theme = strip_tags(stripslashes(substr($_POST['subj'], 0, 100)));
$email = strip_tags(stripslashes(substr($_POST['email'], 0, 30)));
$name = strip_tags(stripslashes(substr($_POST['name'], 0, 30)));
$message = strip_tags(stripslashes(substr($_POST['message'], 0, 30)));
if (!empty($_POST['name'])) {
if (!empty($_POST['email'])) {
if (!empty($_POST['message'])) {
//Отправка письмо если все проверено!
if (check_code($_POST['code'], $cap)) {
//////////////////////////////////////////////////////////
// XXX //
//////////////////////////////////////////////////////////
##### MESSAGE #######
$txt = "Тема: " . $online_theme . "\n";
$txt .= "E-mail: " . $email . "\n";
$txt .= "Имя: " . $name . "\n";
$txt .= "Сообщение: " . $message;
##### MESSAGE #######
/* php mailer test */
date_default_timezone_set('Etc/UTC');
require 'PHPM/PHPMailerAutoload.php';
$mail = new PHPMailer();
$mail->isSMTP();
$mail->CharSet = "utf-8";
exec("mktemp -d data/genomes/XXXXXXXX", $tmparray);
$dir = $tmparray[0];
chmod($dir, 0770);
move_uploaded_file($_FILES["position"]["tmp_name"], $dir . "/" . "position.txt");
$code = end(explode("/", $dir));
} else {
$code = $_POST["code"];
if (!ctype_alnum($code)) {
echo "Code should contain only alphanumeric characters";
echo "<FORM><INPUT TYPE=\"BUTTON\" VALUE=\"Go Back\"";
echo " ONCLICK=\"history.go(-1)\">";
echo "</FORM>";
clus_end();
exit(0);
}
if (!check_code($code)) {
echo "Code already in use";
echo "<FORM><INPUT TYPE=\"BUTTON\" VALUE=\"Go Back\"";
echo " ONCLICK=\"history.go(-1)\">";
echo "</FORM>";
clus_end();
exit(0);
}
$code = $_POST["code"];
$dir = "data/genomes/" . $code;
mkdir($dir, 0770);
move_uploaded_file($_FILES["position"]["tmp_name"], $dir . "/" . "position.txt");
}
// Start randomizations jobs
// $jid = start_job("randomizzatore/pval-table.sh " . $dir . " 10000",
// $dir . "/jobout.txt", $dir . "/joberr.txt");